#!/usr/bin/env bash

set -eux

ARCH="$($SNAP/bin/uname -m)"
export LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH:/usr/bin:/usr/local/bin"
export OPENSSL_CONF="/snap/microk8s/current/etc/ssl/openssl.cnf"

source $SNAP/actions/common/utils.sh

cp -r ${SNAP}/default-args ${SNAP_DATA}/args

# Sym link the host's /var/lib/kubelet to the Snap's.  This will be fixed with layouts when
# this Snap is strictly confined.  Warn if there's already a directory.
if ! [ -e /var/lib/kubelet ] &&
   ln -s $SNAP_COMMON/var/lib/kubelet /var/lib/kubelet
then
  echo "\`/var/lib/kubelet\` linked to $SNAP_COMMON"
else
  echo "\`/var/lib/kubelet\` already exists.  Will not be linking to $SNAP_COMMON"
fi

# Create the certificates
mkdir ${SNAP_DATA}/certs
# Allow the ability to add external IPs to the csr, by moving the csr.conf.template to SNAP_DATA
cp ${SNAP}/certs/csr.conf.template ${SNAP_DATA}/certs/csr.conf.template
produce_certs
rm -rf .srl

mkdir ${SNAP_DATA}/credentials
ca_data=$(cat ${SNAP_DATA}/certs/ca.crt | ${SNAP}/usr/bin/base64 -w 0)

# Create the known tokens
admin_token=$(openssl rand -base64 32 | ${SNAP}/usr/bin/base64)
echo "${admin_token},admin,admin,\"system:masters\"" > ${SNAP_DATA}/credentials/known_tokens.csv
proxy_token=$(${SNAP}/usr/bin/openssl rand -base64 32 | ${SNAP}/usr/bin/base64)
echo "${proxy_token},system:kube-proxy,kube-proxy" >> ${SNAP_DATA}/credentials/known_tokens.csv
kubelet_token=$(${SNAP}/usr/bin/openssl rand -base64 32 | ${SNAP}/usr/bin/base64)
hostname=$(hostname)
echo "${kubelet_token},system:node:${hostname},kubelet-0,\"system:nodes\"" >> ${SNAP_DATA}/credentials/known_tokens.csv
controller_token=$(${SNAP}/usr/bin/openssl rand -base64 32 | ${SNAP}/usr/bin/base64)
echo "${controller_token},system:kube-controller-manager,controller" >> ${SNAP_DATA}/credentials/known_tokens.csv
scheduler_token=$(${SNAP}/usr/bin/openssl rand -base64 32 | ${SNAP}/usr/bin/base64)
echo "${scheduler_token},system:kube-scheduler,scheduler" >> ${SNAP_DATA}/credentials/known_tokens.csv

# Create the client kubeconfig
cp ${SNAP}/client.config.template ${SNAP_DATA}/credentials/client.config
$SNAP/bin/sed -i 's/CADATA/'"${ca_data}"'/g' ${SNAP_DATA}/credentials/client.config
$SNAP/bin/sed -i 's/NAME/admin/g' ${SNAP_DATA}/credentials/client.config
$SNAP/bin/sed -i '/username/d' ${SNAP_DATA}/credentials/client.config
$SNAP/bin/sed -i 's/AUTHTYPE/token/g' ${SNAP_DATA}/credentials/client.config
$SNAP/bin/sed -i 's/PASSWORD/'"${admin_token}"'/g' ${SNAP_DATA}/credentials/client.config

# Create the client kubeconfig for the controller
cp ${SNAP}/client.config.template ${SNAP_DATA}/credentials/controller.config
$SNAP/bin/sed -i 's/CADATA/'"${ca_data}"'/g' ${SNAP_DATA}/credentials/controller.config
$SNAP/bin/sed -i 's/NAME/controller/g' ${SNAP_DATA}/credentials/controller.config
$SNAP/bin/sed -i '/username/d' ${SNAP_DATA}/credentials/controller.config
$SNAP/bin/sed -i 's/AUTHTYPE/token/g' ${SNAP_DATA}/credentials/controller.config
$SNAP/bin/sed -i 's/PASSWORD/'"${controller_token}"'/g' ${SNAP_DATA}/credentials/controller.config

# Create the client kubeconfig for the scheduler
cp ${SNAP}/client.config.template ${SNAP_DATA}/credentials/scheduler.config
$SNAP/bin/sed -i 's/CADATA/'"${ca_data}"'/g' ${SNAP_DATA}/credentials/scheduler.config
$SNAP/bin/sed -i 's/NAME/scheduler/g' ${SNAP_DATA}/credentials/scheduler.config
$SNAP/bin/sed -i '/username/d' ${SNAP_DATA}/credentials/scheduler.config
$SNAP/bin/sed -i 's/AUTHTYPE/token/g' ${SNAP_DATA}/credentials/scheduler.config
$SNAP/bin/sed -i 's/PASSWORD/'"${scheduler_token}"'/g' ${SNAP_DATA}/credentials/scheduler.config

# Create the proxy and kubelet kubeconfig
cp ${SNAP}/client.config.template ${SNAP_DATA}/credentials/kubelet.config
$SNAP/bin/sed -i 's/NAME/kubelet/g' ${SNAP_DATA}/credentials/kubelet.config
$SNAP/bin/sed -i 's/CADATA/'"${ca_data}"'/g' ${SNAP_DATA}/credentials/kubelet.config
$SNAP/bin/sed -i '/username/d' ${SNAP_DATA}/credentials/kubelet.config
$SNAP/bin/sed -i 's/AUTHTYPE/token/g' ${SNAP_DATA}/credentials/kubelet.config
$SNAP/bin/sed -i 's/PASSWORD/'"${kubelet_token}"'/g' ${SNAP_DATA}/credentials/kubelet.config

cp ${SNAP}/client.config.template ${SNAP_DATA}/credentials/proxy.config
$SNAP/bin/sed -i 's/NAME/kubeproxy/g' ${SNAP_DATA}/credentials/proxy.config
$SNAP/bin/sed -i 's/CADATA/'"${ca_data}"'/g' ${SNAP_DATA}/credentials/proxy.config
$SNAP/bin/sed -i '/username/d' ${SNAP_DATA}/credentials/proxy.config
$SNAP/bin/sed -i 's/AUTHTYPE/token/g' ${SNAP_DATA}/credentials/proxy.config
$SNAP/bin/sed -i 's/PASSWORD/'"${proxy_token}"'/g' ${SNAP_DATA}/credentials/proxy.config

for dir in ${SNAP_DATA}/credentials/ ${SNAP_DATA}/certs/ ${SNAP_DATA}/args/
do
  chmod -R ug+rwX ${dir}
  chmod -R o-rwX ${dir}
done

for link in cni0 cilium_vxlan
do
  if $SNAP/sbin/ip link show ${link}
  then
    $SNAP/sbin/ip link delete ${link}
  fi
done

init_cluster

mkdir -p "${SNAP_DATA}/var/lock"
set_service_not_expected_to_start etcd
set_service_not_expected_to_start flanneld

touch "${SNAP_DATA}/var/lock/ha-cluster"
touch "${SNAP_DATA}/var/lock/lite.lock"

RESOURCES="$SNAP/upgrade-scripts/000-switch-to-calico/resources"
BACKUP_DIR="$SNAP_DATA/var/tmp/upgrades/000-switch-to-calico"

mkdir -p "$BACKUP_DIR"

mkdir -p "$BACKUP_DIR/args/cni-network/"
cp "$SNAP_DATA"/args/cni-network/* "$BACKUP_DIR/args/cni-network/" 2>/dev/null || true
rm -rf "$SNAP_DATA"/args/cni-network/*
if [ "$ARCH" == "s390x" ]
then
  cp "$RESOURCES/calico.s390x.yaml" "$SNAP_DATA/args/cni-network/cni.yaml"
else
  cp "$RESOURCES/calico.yaml" "$SNAP_DATA/args/cni-network/cni.yaml"
fi
mkdir -p "$SNAP_DATA/opt/cni/bin/"
cp -R "$SNAP"/opt/cni/bin/* "$SNAP_DATA"/opt/cni/bin/
